Information Exposure in IBM Multi-Enterprise Integration Gateway and B2B Advanced Communications
CVE-2015-5022

Currently unrated

Key Information:

Vendor: IBM
Status: B2b Advanced Communications
Vendor: CVE Published:; 6 October 2015

Summary

The IBM Multi-Enterprise Integration Gateway and B2B Advanced Communications products have a vulnerability that exposes sensitive information. When guest access is enabled, an internal hostname and payload path can be unintentionally leaked in response data. This situation allows remote authenticated users to exploit trading-partner relationships to gain unauthorized access to sensitive response fields, thereby compromising data integrity and confidentiality.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IT10702

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21967334

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 6, 2015
Vulnerability Reserved
Jun 24, 2015